CLEANSTART-2026-RD06185 Security fixes for CVE-2024-29371, CVE-2026-1225, CVE-2026-24281, CVE-2026-24308, CVE-2026-42577, CVE-2026-42583, ghsa-25qh-j22f-pwp8, ghsa-3677-xxcr-wjqv, ghsa-72hv-8253-57qq, ghsa-7xrh-hqfc-g7qr, ghsa-crhr-qqj8-rpxc, ghsa-mj4r-2hfc-f8p6, ghsa-qqpg-mvqg-649v, ghsa-rwm7-x88c-3g2p applied in versions: 7.6.9-r2, 7.6.9-r3, 7.6.9-r4, 7.6.9-r5

Multiple security vulnerabilities affect the confluent-common-docker package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2025-47906 vulnerabilities

Vulnerabilities for packages: confluent-common-docker, git-lfs, knative-serving, kserve-rest-proxy, pvc-autoresizer, blobfuse2, gitsign, php-fpmexporter, lvm-driver, docker-credential-ecr-login, dagdotdev, gostatsd, nats, modelmesh-runtime-adapter, vault-k8s, newrelic-nri-statsd, kuberay-operator...

GHSA-GWRF-JF3H-W649 vulnerabilities

Vulnerabilities for packages: knative-eventing, nats, azuredisk-csi-fips, blob-csi-fips, cluster-autoscaler-fips, kube-vip, custom-pod-autoscaler-operator, falco, kubernetes-csi-node-driver-registrar-fips, cloud-provider-aws, pvc-autoresizer, linkerd2-proxy-init, knative-eventing-fips,...

CVE-2025-52999 vulnerabilities

Vulnerabilities for packages: confluent-common-docker, gradle-stage0, cassandra-reaper, celeborn, cassandra, tez...

GHSA-H46C-H94J-95F3 vulnerabilities

Vulnerabilities for packages: confluent-common-docker, gradle-stage0, cassandra-reaper, celeborn, cassandra, tez...

GHSA-WXR5-93PH-8WR9 vulnerabilities

Vulnerabilities for packages: apache-activemq-artemis, trino, confluent-common-docker, opensearch, cassandra-reaper, akhq, apache-nifi, jenkins, jenkins-plugin-manager, kafka, wildfly, strimzi-kafka-operator, spdx-tools-java, sonarqube, tez, apicurio-registry...

CVE-2025-48734 vulnerabilities

Vulnerabilities for packages: jenkins-plugin-manager, prometheus-jmx-exporter, apache-activemq-artemis, strimzi-kafka-operator, apache-nifi, ghidra, confluent-kafka-jre-bcfips, camunda-zeebe, tez, kafka, neo4j, cassandra-reaper, trino, confluent-common-docker, sonarqube, spdx-tools-java, akhq,...

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: govulncheck, sbom-scorecard, kube-fluentd-operator, coredns, wazero, kubernetes-dashboard-metrics-scraper, neuvector-scanner, kube-vip, cert-manager-cmctl, cloud-provider-aws, wire-go, node-problem-detector, sqlexporter, scorecard, mage, neuvector-dbgen, petname,...